Wikipedia talk:IP block exemption/Archive 2

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

RfC: Proposal: Less restrictive IPBE requirements for editors in good standing.

There is no consensus to change the criteria, though a more focused discussion on changing specific requirements may garner more support and discussion. Callanecc (talk • contribs • logs) 00:20, 12 December 2013 (UTC)

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Should IP block exemptions be granted without a need requirement to editors in good standing?

Survey

Support - For reasons given below, I think that in general it is preferable to move closer to a "trust-by-default" policy, especially if a person meets certain time requirements. 0x0077BE (talk) 15:06, 28 October 2013 (UTC)
Support - the use of VPN services etc. is increasing these days with people being generally more concerned about privacy than in the past, and as a community, we really can't afford to be turning away productive editors because they're concerned about their privacy. I suggest relaxing the policy so as to grant IPBE to editors "in good standing" (not yet defined) as long as they have a reasonable need for an exemption (e.g. "I frequently edit from public places and would prefer to use a VPN to protect my privacy"). —Darkwind (talk) 07:26, 12 November 2013 (UTC)
Unconvinced - The overwhelming number of VPNs and other proxies are soft-blocked: if an account has passed auto-confirmation, they should be able to edit using most VPNs. The exceptions here are tor and certain specific anonymizing proxies which are very closely and consistently linked with severe vandalism. I have lost count of the number of accounts I've blocked who were supposedly "good" until one found the massive range of sockpuppets underlying it; it's not unusual to find hundreds associated with specific VPNs, many of them all meeting the auto-confirmation threshold. The editor below has missed the core point of reducing the opportunity for anonymizing proxies: attribution. He's also not correct in his assessment that sockmasters are unlikely to create accounts far in advance: many of them do, and it's common to find banned users/vandals/sockmasters abusing with accounts that were created weeks, months and sometimes even years before on this or another WMF project. Risker (talk) 16:01, 13 November 2013 (UTC)

For one thing, I agree that some people have the patience to do this, but it's still a very asymmetrical problem - if you make it take a long time to do this, then you're severely reducing the pool of people who will use anonymizing editors. Those same people could also just say they live in Iran or China or something, too, so you're really only punishing honest people with the need restriction.

I'd also like to say that I'm not suggesting that auto-confirmed users automatically get IPBE, just that they (we'll assume auto-confirm is the threshold here, though I'd be fine with a more strenuous one) are eligible for requesting IPBE even without the need requirement. 0x0077BE (talk) 16:05, 16 November 2013 (UTC)

Comment - For me, it's kinda hard to support or oppose this proposal. There needs to be more explanation on the criteria. Editors in standing is too vague and is open to interpretation. If it's anything like Wikipedia:Established users, then I would strongly oppose such a proposal. Expanding on what Darkwind has said regarding reasonable need, there have been several users who cite necessity reasons. But upon inspection, the reason for use of proxies, VPN/VPS, etc. is really for personal preference rather than actual necessity. This is true for a number of cases. Examples include are I use a VPN just because it's my personal preference or I need to use it because the [U.S.] government is spying on me or users who don't edit any public networks/users editing from residential IPs. I don't think it's a bad idea to relax the policy for [highly] trusted users. By highly trusted, I mean someone that most people would consider trusted. Elockid ^(Talk) 17:02, 14 November 2013 (UTC)

I think that the question of what the right level of "trusted" is is a secondary point, but I'd also make the point that it doesn't seem like this no-necessity requirement has even been tried, so we're all just going on our assumptions about how bad the problem would be. I personally think that even autoconfirmation plus the need to request the IPBE and be checked by a CheckUser would filter out a significant fraction of cheaters, and the remainder would not be hard to pick up given that people requesting IPBE would be under more scrutiny anyway. I would recommend a pilot program where autoconfirmed users or autoconfirmed users older than 6 months with 50+ constructive edits be exempt from the need requirement. If it's obvious that this is creating a large burden the policy can be reassessed, but I think that a big part of the Wikipedia philosophy is giving people benefit of the doubt. 0x0077BE (talk) 16:05, 16 November 2013 (UTC)

Oppose: per Risker. Chris Troutman (talk) 04:23, 17 November 2013 (UTC)
Oppose With no definition of "good standing" this proposal is far too open for misinterpretation with the potential for bad consequences. An editor who clearly had good standing and who clearly had a valid reason would not find it hard to obtain IPBE, but having too many IPBEs (perhaps collected as badges by enthusiastic editors) would make tracking down problems unnecessarily difficult. Johnuniq (talk) 06:51, 17 November 2013 (UTC)

The point of this proposal was not to immediately implement a general "good standing" replacement for the requirement, but rather the step before, which is to establish that a good standing OR need (note that "need" is also open to interpretation and is in fact the current policy) should be a valid criterion. I had assumed that the specific nature of the "good standing" requirement would come out of a consensus during the policy discussion. If you really oppose because you believe that "good standing" is not defined, then the implication is that there is a definition of "good standing" that would satisfy you, does it not? What would that definition be? Auto-confirmed users? Users with >50 constructive edits? Users with no history of edit warring?

I'd also like to say that I have a valid reason in that I use VPNs on all public and corporate networks, and I would prefer to use a VPN on my base router. I very clearly do have good standing, but because the threat to my privacy from telecoms is not considered a strong enough reason, I cannot get an IPBE, which prevents me from editing wikipedia 80% of the time that I'm on the internet, and is preventing me from protecting my home network's traffic, so I would dispute the underlying facts of how easy it is to get an IPBE.

I strongly support anyone being able to edit Wikipedia. However, IP data is one of the very few tools we have to combat the problem of persistent abuse, and granting IPBE would undoubtly get us in far more trouble with long term abusers. At the same time TLS provides fairly good end to end security, not much under the level of using a VPN. I'm willing to give some of the abuse fighting tools in order to allow more people to edit who have a convinving reason they need to use an anonymising secure proxy to edit Wikipedia without risking harm to their person, or to people close to them. This is however rarely the case. It tends to be a case of convenience; people who like to be able to edit wikipedia through a proxy for less direct needs. Because they need or want to use a VPN for other reasons, and they don't like turning it off just for editing Wikipedia. I'm fine with these too, provided that these users have a decent level of trust within the community. That represents a trade off that must be made on an individual basis for eas IPBE request, and that is a good thing. The more realistic and severe the reason to use an annonymising proxy, or to edit through another blocked IP is, the less trust in the editor should be required. I do believe that this is currently how IPBE's are granted (please set me right with some examples if I'm wrong), and that is the right way to do it, so I Oppose this proposal. Martijn Hoekstra (talk) 11:45, 17 November 2013 (UTC)

I have to say that I think this misses the point of the fact that IPBEs are already granted for need. Abusers can easily lie about the need and so it's actually a meaningless distinction that punishes only honest people. Obviously one can conceive of a situation where someone abuses IPBE, but I think the fact of the matter is that the asymmetries involved here make it so that these situations will be relatively rare.

Additionally, I'd like to say that just because there are options other than VPN does not mean that's a workable solution for everyone. I've been holding off on protecting all my router traffic using a VPN simply so that I can still edit wikipedia. I don't think you're getting anything in preventing me from editing from an anonymized IP address (I've already authenticated on non-anonymous ones anyway), but my contributions will likely be lost if this situation is not remedied when my desire for privacy overwhelms my desire to participate in Wikipedia. Of course, I'm not saying that I'm so important that the policy needs to be changed for me, but more and more people are going to VPNs and for every one person like me I'm sure there are dozens who would request IPBE and simply be declined. The fact of the matter is that most people want to contribute constructively - that's the basis for wikipedia. That means that any restrictions you put on editing need to be targeted very specifically at non-constructive editors and should be very carefully considered, right now we have almost the opposite situation, where anyone willing to believably lie can get an IPBE, but honest people can't. Most importantly, we have no information about the magnitude of these "potential abuses" or the degree to which IPBEs will even be requested if the need requirement were removed. We have a fundamental disagreement about what is essentially an experimental question, which really makes me think that a trial program is needed. 0x0077BE (talk) 15:52, 19 November 2013 (UTC)

There are a few points here that I would like to point out, which I think create the base under our disagreement. First off, you say that simply saying that one if from China or Iran is sufficient to currently get an IPBE. That's not true, and some form of evidence (even if that can never be perfect evidence) needs to be provided before the IPBE is granted. I understand when you think that if you would have simply insisted that you're from China you would have gotten an IPBE, and now that you are playing fair it is being denied, that something is very skewed. But let me stress that is not the case. (You already indicated you already authenticated from a non-anonymous address, I think from there, coupled with geolocation you can connect the dots on some of the checkuser actions performed before the IPBE is granted). Secondly, I think there is a false dichotomy you present when you say we have to either drop the requirement for being an editor in good standing, or we won't be able to satisfy the privacy of our editors. It might be a good time to think about what other things we can do to allow users who value their annonymity on the internet, and also want to edit Wikipedia. I will concede not knowing enough about network stacks and VPNs to present a solution right here, right now, but I'm sure there are other options we can explore. Lastly, the fear for large scale abuse is not something theoretical, and I think you may be underestimating it. The people pointing them out tend to have seen nasty cases of abuse, seen the lengths some people will go through to do their nasty, and shudder at the thought of those people also having IPBE to their disposal. As a thought experiment, I invite you to think what would have happened if Wiki-PR (which has a relatively low level of nastyness, and a relatively high level of pervasiveness) had the possibility of using anonymising proxies, and what the cleanup effort would have been after they had been discovered - if they had been discovered. Martijn Hoekstra (talk) 10:16, 21 November 2013 (UTC)

Darkwind and 0x0077BE Would you be ok with a set up that routes traffic to Wiki?edia around your VPN, or do you also want to annonymise your traffic to Wiki?edia? If it is the latter, could you help me understand why? In the latter case, would you be OK with a Wiki?edia specific second VPN hosted on Wikimedia Labs for example, or would that defeat the entire purpose? I would like to know a little more about your use case in that you may be representative for a larger group of people, and I would like to see if we can find out ways to accomodate you (and the group you possibly represent). Martijn Hoekstra (talk) 11:16, 21 November 2013 (UTC)

I'll say point taken on the Wiki-PR, but I still think that it's an empirical question as to how bad the problem would be, and there's the issue of asymmetries. I tried to ask admins what the verification was like before posting that but I did not get a response, so I went with what the actual policy is. That said, the policy here doesn't go into any specific detail about what need would be, and I can imagine that there are some stories that you can come up with that you could jump through hoops to verify. That said, if someone can maintain 6 months or 1 year without the use of an anonymizing proxy with say 50 constructive edits on separate days, how is anonymizing their IP from that point on really a major boon to abusers? They've already shown they have access to a non-anonymized channel, so the big danger is that some abusers might have a slightly easier time editing because they eventually can switch to an anomyized channel?

As to the second point - I can only speak for my own use case which is that if I implement an anonymizing VPN on my home router, I'm not even sure how I'd exempt traffic to and from wikipedia from being on that VPN, and I think that we should be valuing people's ability to hide their traffic from whoever might be listening in on your traffic, be it a company, an ISP or a government. Keep in mind that what I'm suggesting doesn't hide the source of edits from Wikipedia - since you've authenticated on a non-anonymous channel anyway and requested the IPBE - it primarily hides your online activities from people who are monitoring your traffic directly. Wikipedia edits can provide information that we might want to keep private - what if you are a homosexual who frequently edits LGBT-themed articles and don't want your employer to have any inkling of your sexual orientation? Your options will basically be, "Don't edit wikipedia at work", but for many people that could basically mean "Don't edit Wikipedia at all". I think that in the end there will be a large variety of reasons why people might want to anonymize their editing of Wikipedia from prying eyes and their ability to use a non-anonymous channel in many case will likely be limited.

At the moment, we can't know what reasons people have for getting IPBEs or what the people who would get them would do with them and why, because all of those people are blocked pre-emptively. I can only go as far as my imagination in the reasons why people would want this, but that doesn't mean that we aren't blocking a LOT of people who would use an IPBE responsibly just because our imaginations are limited. I am sympathetic to the idea of implementing this need-only policy in response to significant abuse of the system, but as far as I can tell this policy was adopted because it is a potential vector for abuse. I think it remains to be seen how much the ability to use anonymizing proxies really helps abusers if you need to essentially authenticate yourself anyway (in the sense that you can't use anonymizing proxies to create the account or to build up a reputation as someone who makes constructive edits). 0x0077BE (talk) 21:11, 25 November 2013 (UTC)

I get the feeling that you may not be aware of the amount of protection https currently offesrs you. The security and privacy considerations you bring up are adequately^{[ipbe 1]} protected by https, which is currently enabled by default on all Wiki(?)edia wikis. The point that still stands is the point of convenience. It is clearly inconvenient to set up a static route to a different gateway just for wikimedia traffic. In addition to that, when talking about editing at work over a VPN, you could set up your own VPN at home, and connect through the internet through that. VPN in itself isn't blocked; it's just the hosting providers that offer annonymising VPN access that do often get blocked, generally because there has been IP hopping abuse from the range of the ISP - otherwise we wouldn't even know there is a hosting provider there. Martijn Hoekstra (talk) 15:23, 28 November 2013 (UTC)

^ A dedicated attacker would still probably be able to reconstruct the pages visited with a fairly high certainty through elaborate reverse engineering, through correlating the response and request size. With these two and a dump of wikipedia, hoping the size of articles is relatively static, it is possible to find out the likely article you visited. While this is in the realm of theoretical possibilities, people who worry about this are probably in the realm of tinfoil hats, and if emplooyers are doing this, they should probably be concerned for things that are far more grave than then their employers finding out which wikipedia pages are visited or edited.

Oppose; so-called 'anonymizing' VPNs do little but obfuscation which has essentially no value to protect the user. Use HTTPS if you are worried about your security. On the other hand, those VPNs and proxies make it easy for abuse to take place over longer periods and cause a great deal of work for people trying to protect the project. No upside, and a big downside? No brainer.
Incidentally, I would recommend that IPBE be basically almost never granted in the first place; not made easier. I can count the number of legitimate IPBE users on one hand, but the number of times I have seen that right granted (in good faith) to vandals is distressing. — Coren ^(talk) 21:06, 5 December 2013 (UTC)

Threaded Discussion

I do not have the requisite level of need for an IPBE, but I use a VPN to connect to the internet whenever I'm on what I consider to be an insecure network (hotels, corporate, public, etc). I find it frustrating that IPBE is routinely denied to editors in good standing because of lack of need, as this seems like an overly heavy-handed policy which is somewhat antithetical to Wikipedia's "light touch" approach to moderation. I understand the reason for the IP ban and even the IP ban for logged in users by default, but I think that the "need" criterion can be safely removed without problem.

The purpose of filtering out anonymized traffic is to make it so that if you're going to make a contribution you need to be identifiable so that if you are known to have abused Wikipedia, your privileges can be revoked, something which is defeated by anonymizing proxies (and as such the IPs should indeed be banned by default). Having an account (which you cannot create from behind a proxy in the first place) is, however, an even stronger way to identify yourself than your IP address. Requiring an account which has been specifically exempted from IP blocks (i.e. the default is that you are still subject to IP blocking) is an even stronger constraint, as this triggers a check to determine if you are an editor in good standing.

The problem of sockpuppetry is a real one, but one that can be mostly eliminated by requiring some small number of edits and/or a minimum time on wikipedia for eligibility for IPBE. Very few people are so dedicated to sockpuppetry that they'd be willing to create a sockpuppet account 6 months in advance with say 10-20 positive contributions just so that they can post some abusive content and immediately be banned. Note also that this doesn't necessarily make sockpuppetry much easier, since if the user has a clean and distinct IP which they can use to create the sockpuppet account, they can likely use that clean IP for making the edits in the first place. Adding the requirement that and IPBE is not the default when the requirements have been reached and must be actively sought adds yet another hurdle that it is easy for good editors to clear but difficult for bad users to clear.

In summary, it seems to me like the IPBE proposal and the need restriction is likely to cause more harm than good, as it will prevent good editors from editing due to inconvenience, and there is a policy which addresses this problem in such a way that the likely harm on the other side is minimal. I would recommend that the policy be changed so that editors in good standing with some minimal account age and number of edits (preferably something achievable, like 6 months + 15 edits) are exempt from the "exceptional need" requirement. I would propose a test implementation of the policy of twice the minimal account age (to give sock puppeteers a chance to make their sock puppet accounts), and perhaps (if technically possible), a flag added which indicates if the user was granted IPBE due to need rather than default eligibility. Note: Since there has been no response to this in almost two weeks, I've converted it to an RfC. 0x0077BE (talk) 18:04, 17 October 2013 (UTC)

Comment. This discussion points out the double-edged sword we are dealing with here. Risker: "...tor and certain specific anonymizing proxies... are very closely and consistently linked with severe vandalism... the core point of reducing the opportunity for anonymizing proxies [is] attribution." In other words, we *have* to know our vandals, so we can ban them, and thus defend the wiki. But look at the flip side. If you replace 'vandalism' with the word 'fraud', then you get the banking hyperconglomerate justification for spying on every financial transaction anyone in the world ever makes: we *have* to know our customers, so we can mitigate fraud, and thus defend the bottom line. I have no problem believing Risker really-n-truly solely and only has stopping the Visigoths in mind... but as for the banking hyperconglomerates, I don't trust them all that much when they tell me my call is being recorded for quality assurance purposes, and hope I'll believe there is no other reason whatsoever.

Along the same lines, I don't live in China, and don't have any reason to suspect some gummint agent will swoop in to destroy me tomorrow, but just like I don't put much trust in the finance industry, I don't put much faith in the exponential increase in Big Brother; as was once said by Bruce Schneier, creating the infrastructure of a totalitarian police state is just inherently bad civic hygiene (*especially* if we justify such a thing using kiddie porn, drug dealers, terrorists, and the mafia as our boogeymen to make fear the motivating factor). The folks running the Great Firewall, replace Risker's disruptive "vandals" with instead disruptive "political dissidents".

So what is the point? First of all, the point is not that Risker/Chris/John/Martijn are mutually or individually the moral equivalent of Chairman Mao, or for that matter, of J.P. Morgan Esquire. I do not doubt they are opposed for the very best moral reasons: stopping vandals, period. Furthermore, second of all, I don't dispute that there are very strong indications that attribution can dramatically reduce the number of vandalism incidents. (That said, I don't dispute that a totalitarian surveillance society would be very damn effective at preventing guerilla violence, political dissidents, and so on.) Fundamentally, my point is this: I think it is a Bad Thing for the world, that only people who Very Much Need to be able to hide their educational pursuits, are given IPBEs. That makes them stick out like sore thumbs. Using tor, or anonymizing proxies, makes them stick out like sore thumbs. Even looking *up* how to use such things. All this makes such folks easy pickings for the gummint intelligence services.

Wikipedia is a top-ten website, in the world. We almost never take political stances. But when we do, good things happen. Jimbo took the political stance that all wikipedia.com content should be GFDL back in 2001. More recently, the day of the SOPA blackout, which was even more obviously a political stance. So my suggestion is this: we should reject the idea of giving IPBE exemptions to a significant percentage of wikipedia editors. But *not* merely on the grounds that attribution helps minimize vandalism. That is a tautology. Instead, we should justify the rejection, today albeit not forever, on the basis of lack of personnel. Besides attribution and banning/blocking/similar of identified vandals, there *is* another way to mitigate vandalism. Today, we have 600 active admins, and 30k active editors, some small percentage of which are IPBE folks. We handle the vandalism.

But someday, if we reverse the downward trend in editor-retention, what if we had 6k admins, and 300k active editors? Could we not afford to let 10% of them be IPBE? I think we could; we would have at least ten times as many vandal-fighters, to ninja-revert the damage done by the rare visigoth. What if we had 60k admins, and 3M editors? Could we let a million of our editors have IPBE? Yes, I submit. What about vandalism? Pffft... with three million ninjas? It would be reverted before it happened. (Quite literally: we could have real-time human-review of pending changes, with 3M actives.)

Should the day ever come, when we have so many editors that we can *handle* the vandalism, without needing attribution of any particular vandal, then at that point I would like wikipedia to start handing out IPBEs like candy, and encouraging the use of tor and other proxies. That way, people who *do* live in unfair countries, people who *do* need anonymizing proxies, people who *do* need IPBE... will be able to blend in with the crowd. Our mission is to be the encyclopedia that anyone can edit, and more to the point, than anyone can *learn* from, by reading what has been written via those edits! Right now, that mission is being thwarted, because in some countries, editing wikipedia can be hazardous to your health (and I'm not talking about some statistical increase in likelihood of heart troubles due to wikiStress). Wikipedia cannot itself solve such troubles; it is only a website. We do not have an army, we do not have billions of dollars, we do not have super-powers. But it would be wrong to say wikipedians cannot change the world -- after all, we already have. Hope this helps. Thanks for improving wikipedia, and from time to time, for improving the world. 74.192.84.101 (talk) 12:47, 29 November 2013 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Template and mediawiki namespace edits needed

Templates such as "checkuserblock", mediawiki interface pages such as the various "block messages", and the WP:BLOCK, WP:IP and WP:APPEAL pages may need updating to reflect roughly, that "IPEXEMPT is now an option if you are a well behaved user affected by a block. You should read WP:IPEXEMPT to understand the conditions on which this is granted before requesting it in your unblock request, if applicable."

We don't want heavy traffic, but we do need to consider that very problematic IP ranges will more often be hard blocked with exemption now (not previously possible), and ensure good-faith users are really quickly directed to IPEXEMPT if this happens to them. FT2 ^{(Talk | email)} 00:28, 9 May 2008 (UTC)

We can do this in a little while I'd like to make the uptake of this slow but smooth. :-) --Kim Bruning (talk)

Yes. FT2 ^{(Talk | email)} 00:53, 9 May 2008 (UTC)

Special:AllMessages. In case you weren't aware. : - ) --MZMcBride (talk) 01:27, 9 May 2008 (UTC)

Yes. I was actually thinking of Mediawiki:Blocktext more... which I drafted ;-) (and Mediawiki:Autoblockedtext etc which I didn't). FT2 ^{(Talk | email)} 02:33, 9 May 2008 (UTC)

One notable change: blocked users using Template:Unblock-auto (edit | talk | history | links | watch | logs) won't have to reveal their IP addresses. The template's probably not needed anymore, actually—blocktext can point directly to unblock-l. Gracenotes^T § 01:37, 9 May 2008 (UTC)

Why? (Sorry I'm coming late on this part) I mean, if we want to be able to decide whether or not ipblockexempt is a good idea, we might need to check which range is affected first and why? -- lucasbfr ^talk 09:32, 10 May 2008 (UTC)

While learning, let's keep a log

/log <- Can folks who have applied this flag leave a short description here please? This is not a requirement, just a friendly request so you can help us help you help us. --Kim Bruning (talk) 02:44, 9 May 2008 (UTC) and then there will be cake

Summary for newcomers to IPEXEMPT

IPEXEMPT means a user can bypass any IP block at all - only a block specifically on their username will affect them. There are two main situations it'll be most useful - constructive users who edit via a vandalism range or shared IP we would like to hard-block, and users who would like to edit anonymously via Tor or another hard-blocked open proxy.

The main risk area with IPEXEMPT is it is wiki pixie dust to avoid checkuser. So it's likely to be a highly desired flag by wiki-abusers for its WP:GHBH and WP:SOCK deniability potential. Fortunately most uses will not be for anonymous access, but for hard IP block bypassing.

Users who want IPEXEMPT to bypass a hard IP block on their usual IP, aren't a problem. They don't especially want to edit via proxies, it just happens IPEXEMPT would let them if they did. To keep it simple, the suggested policy is that a user in this position who just wants to use their normal connection but there's an IP block on it (schoolblock, vandalism, etc), can be given IPEXEMPT by any admin, but there's a condition they may not use it to edit via blocked proxies, or else it'll be removed.
Logging of the right, may be needed to track when the right should be removed (ie, end of block), perhaps. Nothing much more. Making non-proxied use a condition means minimal scrutiny is needed and avoids loads of needless inquiry and such. It also means most requests don't need anything more than a quick check it's justified (ie, due to an IP block on their native IP), since the right will be removed if used to edit via a proxy. Easy.

Users who want IPEXEMPT to edit anonymously need more scrutiny. That's still being discussed. Main risk - Admins might quietly give the right to socks or friends on a pretext (send self email). We've had a few sock-admins and some abuse proxy access and unblock methods.
This should be a rare request, and it requires a high level of trust of the user, and certainty of uninvolved admin scrutiny (IPEXEMPT is effectively an admin level tool). But if there is a bona fide need for anon proxy access by a non-admin, and sufficient trust, then we now have a way to let them.

FT2 ^{(Talk | email)} 03:01, 9 May 2008 (UTC)

Anon usage proposal (from Archive 1)

For usage where no anon proxy is involved, there's not anticipated to be many problems. But in the rare case that anonymity is requested, a tight control is needed to ensure scrutiny and close means of abuse (this is a highly abusable access). Draft from archive 1:

=== Using IP block exemption for anonymous or proxied editing ===

Editing via an anonymous proxy can be easily abused, so it is only granted under exceptional circumstances. Typical users who may reasonably request an exemption include users who show they can contribute to the encyclopedia, and (for existing users) with a history of valid non-disruptive contribution, but are either being hindered by restrictive firewalls, or for exceptional reasons must edit via anonymous proxies.

Note that avoidance of checkuser, or specific checkusers, is not usually considered a sufficient reason - concerns over checkusers should be discussed with the Arbitration Committee or Ombudsman.

There are strict requirements for determining whether a user can use IP block exemption to edit anonymously. Granting or reinstating exemption without following these would usually be considered a serious misuse of administrative tools:

Exemptions are not given without clear need, and a high level of user trust to not abuse the flag.
All exemptions must be posted for scrutiny and discussion to a reputable administrative mailing list or wiki-page. Typical venues include the unblock-l, checkuser-l, otrs-en-l, and arbcom-l mailing lists (contact details below), and WP:ANI. Administrators are prohibited from assigning IP exemption with permission to edit anonymously, to any user, without such a list being made fully aware, non-neutrality (if any) being disclosed, and a reasonable opportunity for review.
All exemptions are subject to review and repeal. Exemption may be, and will usually be, withdrawn if there is credible evidence or concern of abuse, or the exemption is no longer necessary.

Who may request -- A user who has genuine and exceptional need, and can be trusted not to abuse the right. This is a level of trust equal to that given Administrators, as IP block exemption is an administrative tool.

How to request -- Request to an appropriate administrative mailing list or venue (see above). Uninvolved administrators will discuss your request.

FT2 ^{(Talk | email)} 03:01, 9 May 2008 (UTC)

I made a few changes for it to read better (diff). Neıl ☎ 10:37, 9 May 2008 (UTC)

Fixed an address; there's no list named "otrs-l". - Jredmond (talk) 14:23, 9 May 2008 (UTC)

Added disclosure of non-neutrality if any. FT2 ^{(Talk | email)} 02:53, 10 May 2008 (UTC)

List of recommended anon proxies

We should create this on the Wikipedia:IP block exemption page at something like Wikipedia:IP block exemption#Suggested proxies. That way, people exempted don't end up using some crappy one that will get them hacked or leaked. Lawrence Cohen § t/e 17:07, 9 May 2008 (UTC)

I would be extremely hesitant to make any recommendations about which proxy to use. There is no evidence whatsoever that any open proxy is any better (more secure, whatever) than any other. There is not even any evidence that something like Wikipedia:WikiProject on closed proxies is secure (no offence guys). Users on anonymity networks should ensure the security of their login credentials by using the secure server. Anything else is a personal choice of risk. -- zzuuzz ^(talk) 19:52, 9 May 2008 (UTC)

Autoblocks and bots

This also makes the flagged account immune to autoblocks, rite? This should probably be plugged on bots running on the toolserver so that they don't get whacked by an admin carelessly blocking another malfunctioning bot... Миша 13 19:56, 9 May 2008 (UTC)

Yes, it's immunity from absolutely all blocks (IP, IP range, autoblock, etc) except those directly on their usernames. IPEXEMPTing bots is an interesting idea. I guess you mean, to protect bots from accidental IP blocks of the toolserver? If that's really a problem, it would solve it. But does the toolserver get IP blocked often? I don't know much about it. FT2 ^{(Talk | email)} 22:47, 9 May 2008 (UTC)

I mean one of two things: either an inexperienced admin hardblocks a malfunctioning toolserver bot (that did happen often in the past) or a bot logs out and starts to edit under TS IP, in which case the policy used to say the IP should be blocked. Миша 13 10:02, 10 May 2008 (UTC)

Discussion of IP block exemption generally, for bots, moved to Wikipedia:Bot owners' noticeboard#WP:IPEXEMPT. FT2 ^{(Talk | email)} 01:16, 11 May 2008 (UTC)

Recipients

I was just looking over the list (currently 4) of those who've already received this.

I think it would be helpful if those who have would have some note on their userpage as to why they have received this. (Some do, somewhat, already.) - jc37 20:38, 9 May 2008 (UTC)

Not a bad idea at all. A template would probably be voluntary - so it might be a bit self-defeating. But what about some site code that puts an icon on a user's page if they have ipexempt, like admins have a little mop in the title bar? FT2 ^{(Talk | email)} 22:47, 9 May 2008 (UTC)

I wouldn't oppose that. However, I think it should be a requirement of receiving it that an explanation of it being granted is posted on the person's userpage. (Or, in rare cases, a link to the person who granted it, who "may" explain it's granting, if appropriate. - this exception due to possible anonymity concerns that we may not foresee.)

No explanation (or no link to explanation/explainer), then no IP-exempt. - jc37 00:04, 10 May 2008 (UTC)

Why not a central list of them all? Lawrence Cohen § t/e 00:07, 10 May 2008 (UTC)

I don't like the idea of a little icon, as that makes it start to seem like a status symbol, which it absolutely is not. I think a central list might be a good idea. My original thought was that it would be too much work to maintain such a list, but I don't think it would, given the limited amount of users that are likely to be assigned this flag. --Deskana (talk) 00:09, 10 May 2008 (UTC)

If you provide crackers and cheese, they'll line up to eat : )

As for a list, we already have one: Special:ListUsers filterable by userrights.

And a list of explanations isn't going to be useful to someone who may just be coming to the user's page. - jc37 00:19, 10 May 2008 (UTC)

This guy knows what he's talking about. Concur on the crackers, cheese, and list. We have all that's needed, except a quick way to review for expiry/reasons/abuse, really. And reasons will be in their user rights log. Ideas that avoid crackers and cheese? FT2 ^{(Talk | email)} 02:49, 10 May 2008 (UTC)

(Hmm... what if the icon was only visible (like the DELETE/PROTECT tabs), if the viewer was a sysop? Zero cheese?) FT2 ^{(Talk | email)} 02:59, 10 May 2008 (UTC)

Then let's pummel those giving this that they need to make sure the reason is explictly clearly explained in the user rights log. - jc37 03:05, 10 May 2008 (UTC)

Ok, I'm apparently lost. Where does one find these logs? : ) - jc37 03:11, 10 May 2008 (UTC)

Ok, I found [1], but is there really no listing of this linkable by user, from the user's page? - jc37 03:18, 10 May 2008 (UTC)

Re "pummelling"... agree. (But gentler!) FT2 ^{(Talk | email)} 01:19, 11 May 2008 (UTC)

{{minnow}} ?

(Or perhaps the S. S. Minnow : ) - jc37 01:32, 11 May 2008 (UTC)

Maybe better not to show people's flags. :-) --Kim Bruning (talk) 13:18, 11 May 2008 (UTC)

WikiProject on closed proxies

Hi, I was just wondering, that if possible, could we advise users considering getting IP exempt to have a look at Wikipedia:WikiProject on closed proxies (provides access to password-protected Wikipedia-only no-account-registration or anonymous editing proxies specifically for Wikipedia editors who need to bypass filtering) and trying that out before requesting exemption? Atyndall93 | talk 11:59, 11 May 2008 (UTC)

Sounds like a plan. --Kim Bruning (talk) 13:17, 11 May 2008 (UTC)

I'm not sure what the advantage is. Ip block exemption allows the user's native IP to remain unchanged, a valuable safeguard against attempts to abuse that are inherent with all kinds of proxies. See above for concerns over controls for proxy usage of any kind. The same issues would exist with closed proxies or open ones. Given exemption is available, do we need closed proxies any more, or can we make do with tor + exemption alone? And can someone clarify how abuse possibilities are addressed by the wikiproject? FT2 ^{(Talk | email)} 14:44, 11 May 2008 (UTC)

Well basically, there are several user's that are hosting proxies on servers whose names are not disclosed, these proxies require a username and password to access (you contact the proxy operator to setup an account and find out the proxy's address) and only access the Wikipedia website. They automatically block account creation, so you must contact an admin or the proxy operator to create yourself a Wikipedia account. Accounts using the proxies will have their user talk page's periodically checked (about every 3 days) to see if they are vandalizing or doing bad things, if they are, their proxy username and password are revoked, thus stopping them from using the proxy. The proxy will either prevent anonymous access via its own interface, or I will see if an admin can softblock the proxy's IP address. Atyndall93 | talk 22:10, 12 May 2008 (UTC)

Also, in response to the security of the proxy discussed above, the proxies all must use SSL between the user and the proxy and can be programmed to access the SSL version of Wikipedia, stopping packet sniffing and other security problems. As to the security of the proxy itself, the proxies are hosted by people who have made significant contribution to the Wikipedia project and who would receive a very bad reputation if they were found to be using the proxy against policy. Atyndall93 | talk 22:17, 12 May 2008 (UTC)

How does a new editor behind a firewall come up with the 3,000 edits needed for a closed proxy account (according to Wikipedia:WikiProject on closed proxies/Criteria)? Please see discussion. --Damian Yerrick (talk | stalk) 21:29, 10 July 2011 (UTC)

Just making sure

I have a gnome account (User:Proto) that I use when I don't want to be bothered. I also use Opera Mini quite a lot (thank you, long train journeys) - Opera Mini is currently hardblocked, though, as it doesn't forward XFFs properly or something. Now, this isn't normally an issue as my main sysopped account is exempt anyway, but I have granted the same exemption to my gnome account, reasoning that it's still me anyway, so I can edit using it on Opera Mini. Is that sort of thing okay? Neıl ☄ 11:40, 14 July 2008 (UTC)

You might send a note to OTRS, unblock-en-l, or arbcom-en-l for record. Best, NonvocalScream (talk) 04:24, 15 July 2008 (UTC)

OTRS and arbcom-l have nothing to do with this. I contacted unblock-en-l to request my exemption but you don't need to inform them; just add a note to Wikipedia talk:IP block exemption/log. —Giggy 04:31, 15 July 2008 (UTC)

Oh, I stand corrected. The policly has changed a bit since I first proposed this. Very best, NonvocalScream (talk) 05:40, 15 July 2008 (UTC)

Thanks gents. Neıl ☄ 11:11, 15 July 2008 (UTC)

Tor

I'm going to edit this page and Wikipedia:Advice to users using Tor to bypass the Great Firewall to recommend tor users ask for IPBE. I can not think of any possible harm; since IPBE only applies to the one account with the flag set, at best this will enable someone to use tor with their "good hand" account, while maintaining non-exempt vandal accounts. And anyone who really wants to do this has many other ways available to them already. IPBE really can't be used to enable abuse of tor in any way I can think of. Thatcher 15:49, 19 July 2008 (UTC)

Agree here. This was my intent when I first proposed the policy exemption. NonvocalScream (talk) 16:17, 19 July 2008 (UTC)

Good plan! I support that - Alison ^❤ 16:25, 19 July 2008 (UTC)

request for permission

Can you assign the permission to VFMAC (talk · contribs · count). This account will be used by an individual to ensure cadets or alumni do not make inappropriate changes to it. Referenced in otrs:1769832. Best, NonvocalScream (talk) 03:36, 29 July 2008 (UTC)

Done —Animum (talk) 03:39, 29 July 2008 (UTC)

"I'm a missionary in China"

Don't believe it. Ask for checkuser confirmation. I saw this line used by the Avril vandal and another suspicious account. Thatcher 01:38, 1 August 2008 (UTC)

See my below comment regarding the foundation privacy policy. NonvocalScream (talk) 22:48, 15 August 2008 (UTC)

Question

As evident by the above comment, is it standard practice to perform a checkuser request on an account requesting IP block exemption to confirm that they are actually in China and not just lying? Does this not violate a users privacy? Laurence 1 16:05, 15 August 2008 (UTC)

I don't know if its standard practice, but I don't see how it would be a privacy violation. It would either A) confirm what they've already said and provide no, or very little, new information or B) establish that they are lying and prevent disruption. Mr.Z-man 18:26, 15 August 2008 (UTC)

Such a disclosure to a third party outside checkuser would not be permitted. So if I were an admin and I asked for a check to verify this use is from china, the checkuser would not be able to disclose the result. However, if the requester gave consent, then the result can be disclosed. If the user *is already abusing* a check's results can only be disclosed to formulate IP blocks and formulate ISP abuse reports. Other than that, a check result could not be disclosed to verify the user is from china. The check can be run and the checkuser can set the right. But... the check's result could not be disclosed for a different admin outside checkuser group to set the right. The applicable sections of the privacy policy for this context "ask for checkuser verification" is partly the data derived from page logs sections two and five. NonvocalScream (talk) 22:41, 15 August 2008 (UTC)

First of all, once a user has volunteered the information about themselves, "I am editing from China," it is not a privacy violation to confirm whether that person is telling the truth or lying. Further, note that the privacy policy governs release of personally identifiable data. Generally, information about use of a network in general terms does not constitute personally identifiable information. So, "editing from China" or "editing from Comcast" does not constitute a violation, because the networks are large and that information alone is insufficient to identify someone. The checkuser policy does recommend disclosing a the minimum amount of information needed. So while an answer like, "User:Smith is editing from Comcast on the East coast while user:Jones is editing from AT&T on the West coast" is permissible, a better answer is, "unlikely; different networks in different cities" or even just "unlikely". Regarding tor and "missionaries in China", the "minimum information" rule of thumb suggests that the best answer would simply be to tell the editor or admin that the request should either be granted or denied. But there is no privacy violation in confirming information that an editor has voluntarily released about themselves. Thatcher 00:30, 16 August 2008 (UTC)

In addition to what Thatcher said, if they are already editing from China, admins should be wondering why they would require the exemption at all. The user may claim that they are already using open proxies, and there would therefore be no personal information at all, even with specific IPs (not that I'm suggesting checkuser should release this info). -- zzuuzz ^(talk) 00:57, 16 August 2008 (UTC)

Thatcher, where in the foundation privacy policy does it permit disclosure of information already apparently disclosed by the user? NonvocalScream (talk) 01:09, 16 August 2008 (UTC)

m:CheckUser policy, "On Wikimedia projects, privacy policy considerations are of tremendous importance. Unless someone is violating policy with their actions (e.g. massive bot vandalism or spam) and revealing information about them is necessary to stop the disruption, it is a violation of the privacy policy to reveal their IP, whereabouts, or other information sufficient to identify them, unless they have already revealed this information themselves on the project." (emphasis added) And both the privacy policy and checkuser policy talk about "personally identifiable data;" "editor is in China" is certainly not personally identifiable. Thatcher 01:26, 16 August 2008 (UTC)

I've done some research into "personally identifiable data". It seems that I have been applying a looser definition, than what it actually is, in the IT sphere. You are correct, and thank you for taking the time to explain better. NonvocalScream (talk) 01:53, 16 August 2008 (UTC)

Request for IP block exemption

I realize that this isn't the right place to ask, but I've emailed [email protected] five times now and I haven't received a response, not even an automated reply that my message is going to reviewed by the list admim or whatever, so I think they are not getting through. Does Wikipedia's email system automatically block emails from Tor connections like Wikipedia does? Anyway, could someone here email them for me with the following:

I'd like to request IP block exemption for my account User:Jessica Thunderbolt. I have read Wikipedia:IP block exemption but I'm not sure if I meet the criteria because it says editing via proxies is not allowed except in "exceptional circumstances", so I'll ask anyway and if it can't be done I understand. I'm requesting this because I connect to the internet through a wireless hotspot but it requires a password which I do not have. I can connect to the wireless hotspot but after that it blocks all normal connections, for example google.com, and directs me to the welcome landing page where it asks for credit card details. However, I have discovered that for some reason if I use Tor I can get an connection, I think because Tor encrypts it's traffic and sends it in a non-standard http protocol and multiplexing which the hotspot doesn't notice, so I have to use Tor for all my internet usage. Why, you ask, don't I just use a normal connection? Well, at least this way I don't have to pay for the internet connection, and although Tor is slow it serves my needs quite well. Anyway, I've been able to edit Wikipedia this way but finding an unblocked Tor node if difficult and I'm at the point now that I'm literally pulling my hair out when I get the "your blocked 'cause your editing through Tor" message. It would really save me a lot of time to just be able to edit and not constantly be searching for unblocked Tor nodes. JessicaThunderbolt 17:36, 2 September 2008 (UTC)

I've got the reply, thanks. JessicaThunderbolt 13:47, 4 September 2008 (UTC)

Running a Tor exit node

I am considering running a Tor exit node over my residential Internet connection. Of course, this will likely get my static IP banned on Wikipedia as soon as someone abuses it. I still wish to retain the ability to participate in Wikipedia (through an un-proxied connection), so I am wondering: is the ban only for anonymous users, or for logged-in accounts too? If yes, why? And is there a special exemption category for those running intentional proxies? Can I apply for exemption preemptively? I noticed Wikipedia_talk:Blocking_policy/Tor_nodes, but it is long and inconclusive. Wikipedia should certainly not discourage taking part in a project such a Tor, even if they block edits from Tor. --Dandin1 (talk) 00:03, 18 December 2008 (UTC)

You can completely avoid your IP address being blocked by denying access to Wikipedia's servers in your exit policy. Someone over at WP:VPT will be able to provide the details. Alternatively, if you insist on allowing edits from Tor via your IP address, I am not sure you will find much sympathy. -- zzuuzz ^(talk) 00:45, 18 December 2008 (UTC)

WT:Policies_and_guidelines#Subcats

Discussion about policy subcategories for several pages, including this one. As far as I know, this doesn't make any difference, except as a help to people trying to browse policy. - Dank (push to talk) 03:17, 9 July 2009 (UTC)

Feedback

If you really want feedback on IP block exempt, look no further than Chinese Wikipedia. This permission is granted to users on a nearly daily basis due to Great Firewall of China OhanaUnited^{Talk page} 04:42, 3 September 2009 (UTC)

Category discussion

This page might get a new policy category; the discussion is at WP:VPP#Wikipedia administrative policy. - Dank (push to talk) 01:01, 26 November 2009 (UTC)

Page unclear about torunblocked and admins

I've noticed that the third sentence is a bit confusing when it claims that 'admins are always exempt'. This statement most likely leads to things such as this, where multiple admins remove the IPBE as it's thought to be redundant for those with the admin bit. Would there be a way to clarify the true position a little better, particularly in what situations IPBE would truly be needed for admins? NJA (t/c) 12:04, 7 December 2009 (UTC)

I'm curious why you would go ahead and remove the rights from these folks, apparently without asking them first (although I note you said you'd e-mailed them that you were doing it). Did you check to see if the IPBE was added after they became administrators, or confirm with anyone first that the rights overlapped completely? Nathan^T 16:15, 7 December 2009 (UTC)

It's been removed many times before, particularly before the Tor block, as an apparently obvious thing to do. As I understand it "torunblocked" is not included in the sysop package, or with the ipblock-exempt right, but only the ipblock-exempt group. As a mere sysop I have tried it and cannot edit with Tor. Thus admins using Tor might want this right. -- zzuuzz ^(talk) 16:49, 7 December 2009 (UTC)

Nathan, that's honestly between me and the admins in question, all of whom have been completely understanding of my housekeeping, and of all only two actually still needed the rights. My query was about clarifying the page, not to discuss private issues. Thank you zzuuzz for understanding my query and doing a decent job clarifying the page with just a few words! NJA (t/c) 21:03, 7 December 2009 (UTC)

Two out of five - forty percent isn't what I'd describe as "only." At any rate, while I disagree that somewhat haphazard "housekeeping" with user rights constitutes a private issue, further discussion probably isn't necessary - assuming you exercise a bit more restraint in the future. Nathan^T 22:04, 7 December 2009 (UTC)

Aiye sir. NJA (t/c) 07:03, 8 December 2009 (UTC)

Log

Whilst some admins are using the log, I see from the user rights log that a few are not. Should we alert the admins in question to use the log, or is the log becoming redundant? I think logging is important to monitor potential abuse of this user right. Comments? NJA (t/c) 07:36, 16 December 2009 (UTC)

Logging in from blocked computers

Today, I tried to log in from a public computer, but the computer was blocked, so I couldn't edit anything, even though I was logged in. If were in the IP block-exempt group, then could I edit from blocked computers? --The High Fin Sperm Whale 20:42, 28 January 2010 (UTC)

Yes. –xeno^talk 20:46, 28 January 2010 (UTC)

Were can I ask for it? --The High Fin Sperm Whale 23:43, 28 January 2010 (UTC)

I believe standard practice is to ask a checkuser to add it. –xeno^talk 02:31, 29 January 2010 (UTC) —Preceding unsigned comment added by Xeno on an iPhone (talk • contribs)

Is there a category of CheckUsers willing to grant it? --The High Fin Sperm Whale 03:09, 29 January 2010 (UTC)

Try asking User:Alison –xeno^talk 14:10, 29 January 2010 (UTC)

How to find the log

I have added a link at WP:IPBE#Administrators guide which points to Wikipedia talk:IP block exemption/log because I couldn't find the log last time around. EdJohnston (talk) 18:12, 13 January 2011 (UTC)

Firewall disambiguation: "Used for anonymous proxy editing"

There's a link to a disambiguation page under "Used for anonymous proxy editing", namely the "firewalls" link. Anyone mind if I correct it to firewalls? Allens (talk | contribs) 13:35, 8 April 2012 (UTC)

Query

I've had a request on my talkpage from an editor who wants this right, and I'm struggling a bit to work out what I as an admin who has never awarded this userright need to do to respond. For starters how would I know whether the IP involved had been blocked by a C/U? In fact I'm not comfortable with admins knowing the IPs of editors - if the process relies on the editor saying which IP they've been blocked with then surely that is information that should only be available to people who have been through C/U vetting? Ϣere SpielChequers 11:01, 22 January 2013 (UTC)

You should ask this user to forward you the full text of the block message. Ruslik_Zero 11:50, 22 January 2013 (UTC)

I thought that something like that might be needed, but presumably that includes the IP address? If so is it right that all admins can handle these, surely it should only be check users who have access to people's IP addresses? Ϣere SpielChequers 12:21, 22 January 2013 (UTC)

If a user voluntary provides you with this information, that is fine. Ruslik_Zero 13:26, 22 January 2013 (UTC)

Indeed. As someone who has dealt with the privacy policy for many years now, I can assure you the privacy policy does not apply to information voluntarily given to you by the affected user. Anyway, you can always advise the user to email the functionaries (or email me directly) if you'd rather we handle it. We're happy to do so. --(ʞɿɐʇ) ɐuɐʞsǝp 13:32, 22 January 2013 (UTC)

Thanks, will refer them accordingly. Ϣere SpielChequers 14:22, 22 January 2013 (UTC)

Suggested update

Per multiple comments from Coren (talk · contribs), Risker (talk · contribs) and CBM (talk · contribs) at Wikipedia talk:Arbitration Committee#I demand you all step down, it has been suggested that this policy be updated to include a warning to all users requesting IPBE that they will be CUed and possibly blocked if mistaken as an abusive editor. Perhaps the notice below should be placed at the top of the page.

I'm not attached to this specific wording, so suggested improvemnts are welcome. Does this sound acceptable to everybody? 64.40.54.87 (talk) 20:03, 2 March 2013 (UTC)

Use to bypass autoblocks

One of the two reasons for IP block exemption is: "An editor who is unfortunately affected by a block intended to prevent vandalism or disruption, can be given the flag. They will then be able to edit without being affected by any IP address blocks." The section explaining this only mentions IP range blocks. Sometimes users are repeatedly affected by individual IP blocks or autoblocks of those IP addresses, partilcularly on networks where all edits go through one or a small number of IP addresses. Should the policy also allow exemption in these circumstances? Peter James (talk) 17:38, 1 March 2014 (UTC)

[1] A dedicated attacker would still probably be able to reconstruct the pages visited with a fairly high certainty through elaborate reverse engineering, through correlating the response and request size. With these two and a dump of wikipedia, hoping the size of articles is relatively static, it is possible to find out the likely article you visited. While this is in the realm of theoretical possibilities, people who worry about this are probably in the realm of tinfoil hats, and if emplooyers are doing this, they should probably be concerned for things that are far more grave than then their employers finding out which wikipedia pages are visited or edited.

[ipbe 1]